An Post GeoDirectory DAC is committed to safeguarding the privacy of our websites (www.addressfix.ie and www.geoaddressfix.ie) and applications (together, the Site) visitors and users of the Site (you, your, User).

In this privacy and cookies policy (Privacy Policy), we, us, our and APG refers to An Post GeoDirectory DAC (company number 240986 and having its registered office at An Post, General Post Office, O'Connell Street, Dublin 1, D01 F5P2).
This Privacy Policy applies to Users of the Site and to any services available on the Site, which primarily relate to you submitting addresses to us via the Site, and us ‘fixing’ those addresses by checking them against our database of addresses, and then us making the ‘fixed’ address information available to you (the Service). In order to use the Service, you will be required to register an account on the Site (your Account).
Please read the following carefully. By accepting the terms of this Privacy Policy you agree that you have reviewed the terms of this Privacy Policy and have agreed to be bound by it.  If you do not agree to these terms you must leave our Site immediately.
Personal Data means any information that APG has or obtains or which you provide to us, such as your name, email address, IP addresses, online identifiers and telephone number(s) from which you can be directly or indirectly personally identified.
We will handle your Personal Data in accordance with Data Protection Legislation. Data Protection Legislation means the Irish Data Protection Acts 1988 to 2018, the General Data Protection Regulation (EU) 2016/679 (GDPR), and any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (E-Privacy Regulations), as such legislation may be supplemented, amended, revised or replaced from time to time.
This Privacy Policy explains how we will manage your Personal Data, why we use it, your rights in respect of your Personal Data and how you may contact us.
Status of APG and what Personal Data we process
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
In the course of registering your Account, the process asks for/collects, or we may separately collect from you in respect of your use of the Service: (i) basic information, such as your name (including name prefix or title), your title or position; (ii) contact information, such as your postal address, email address and phone number(s); (iii) financial information, such as payment-related information; (iv) technical  and browser related information, such as information from your visits to our Site or in relation to materials and communications we send to you electronically; (v) identification, location and background information provided by you; or (vi) any other information relating to you which You may provide to us (other than User Uploaded Data (as defined below)). When you log into the Service, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type and settings, browser language location data, the address of the web page visited before using the Service, the date and time the Service was used, information about browser configuration and plugins, language preferences and one or more cookies that may uniquely identify your browser. When you send email or other communication to APG (other than in respect of User Uploaded Data included in support requests), we may retain those communications in order to process your inquiries, respond to your requests and improve our Service (any Personal Data that we collect from you for these purposes is hereinafter referred to together as Your Data). APG is a Controller in respect of Your Data. This Privacy Policy deals with our processing of Your Data.
Your Data is separate from and should be distinguished from User Uploaded Data. User Uploaded Data is data uploaded by you or others through your Account/your use of the Service, and which should only include addresses; however, it is outside of our control whether you include other Personal Data which has not been requested by us. APG is a Processor and you are the Controller in respect of User Uploaded Data (to the extent that it includes Personal Data). The Service Terms of Use ([ ]) (the Terms) deal with our processing of User Uploaded Data (not Your Data) on your behalf.
When you are a Controller in respect of the Personal Data of other data subjects contained in User Uploaded Data, then you must comply with all of your Controller obligations under Data Protection Legislation in that regard.

Why we use and hold Your Data

We use Your Data:

a) for the purposes of performing any contracts you have entered into with APG (for example, the Terms);

b) to provide and improve our Site and Service, including auditing and monitoring its use;

c) to manage and administer our relationship with you;

d) to send you updates, publications and details of events;

e) to process information contained in or relating to any communication that you send to us. The correspondence data may include the communication content and metadata associated with the communication. Our Site will generate the metadata associated with communications made using the Site contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping;

f) for such purposes as you have consented, such as for marketing (see Marketing Preferences below);

g) for such other purposes as were notified to you at the time you provide the information to us.

Legal Basis for Processing

The legal bases upon which any Personal Data which we collect from you, or that you provide to us, is processed are as follows:

a) for the purposes of performing a contract you have entered into with APG (for example, The Terms);

b) for compliance with our legal obligations;

c) where you have given us your express consent;

d) where our use is for a legitimate purpose of APG (where this does not over-ride your right to privacy), or where we are otherwise legally entitled to process Your Data, including but not limited to: When we disclose Your Data

We will not disclose Your Data except as outlined above and / or as follows:

(a) where the disclosure is necessary to enable us to carry out our obligations under any agreement we have with you;

(b) to verify the authenticity of documentation provided to us;

(c) to anyone providing a service to us or acting as our agents, which may include our shareholders or third party service providers, on the understanding that they will keep Your Data confidential;

(d) where we need to share Your Data with our shareholders, our auditors and our legal and other advisors;

(e) to any (or any proposed) assignee, transferee, or successor in title to the whole or any relevant part of our business, and their respective officers, employees, agents and advisers;

(f) where we reasonably believe that you are or may be in breach of any applicable laws, for example on hate speech, we may disclose Your Data to relevant third parties, including law enforcement agencies or your internet service provider, subject to such disclosure being permitted under applicable laws, including Data Protection Legislation; and

(g) if the disclosure is required by law or regulation, or court or administrative order having force of law.
We will not otherwise share Your Data with any third party unless we receive your prior written consent (or we have another valid legal basis) to do so.
We have appropriate contracts in place with any third parties with whom we share Your Data, in compliance with relevant requirements under Data Protection Legislation.

Other Recipients of Your Data

In any case where we are acting on our own behalf and we share Your Data with a third party Controller, in accordance with the above section, (including, as appropriate, counterparties to transactions on your Account), the use by that third party of Your Data will be subject to the third party’s own privacy policies. 

When you visit our Site, you are accepting the Terms, as well as the terms of this Privacy Policy. 

This Privacy Policy applies to the Site and Service owned and/or operated by APG.  We do not exercise control over the sites or applications that may be linked from our websites or applications.  These other sites/applications may place their own cookies or other files on your computer, collect data or solicit personal information from you.  You acknowledge that the Service that we provide and our Site may enable or assist you to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that you do so solely at your own risk.  We make no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by you, with any such third party and the use by any such third party of your Personal Data. We do not endorse or approve any third party website nor the content of any of the third party websites made available via our Service or on our Site.  We encourage you to carefully familiarise yourself with the terms of use and privacy policies applicable to any websites and/or services operated by third parties.  Please be aware that we are not responsible for the privacy practices of any third parties.

International Transfers of Personal Data

Your Data may be transferred to, stored at, or accessed from a destination outside the European Economic Area (EEA) for the purpose of us providing the Service to you.  By submitting Your Data you explicitly consent to this transfer, storing or processing.  We will take all steps reasonably necessary to ensure that Your Data is treated securely and in accordance with this Privacy Policy.  The safeguards in place with regard to the transfer of Your Data outside of the EEA to third parties are the entry by us into appropriate contracts with all transferees of such data or pursuant to approved arrangements such as Privacy Shield.

Without prejudice to the foregoing, it is specifically acknowledged that APG may transfer Your Data to Salesforce (a Customer Relationship Management platform provider based in the United States of America). 

Retention of Personal Data

We are obliged to retain certain customer information to ensure accuracy, to help maintain quality of service and for compliance with legal obligations, fraud prevention, to resolve disputes, to enforce our agreements, to support business operations and legitimate business purposes.

Your Data will be kept and stored for such period of time as we deem necessary taking into account the purpose for which it was collected in the first instance.  Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. In general, Account related Personal Data will be kept for the period of potential contractual claims plus a reasonable period thereafter (7.5 years), and non-Account related Personal Data will be routinely deleted after a period of two years.

Use of Cookies

A cookie is a small piece of information which is transferred to your computer’s hard disk from a website.  Cookies can store information about your preferences and other information which you need when you visit a website. 

We use cookies to help us to improve our Service and our Site and to deliver a better and more personalised service to you.  Please read our cookies policy for further information on our use of cookies.

By using our Service and Site and accepting the terms of this Privacy Policy you are consenting to the use of cookies as described in our cookies policy.



Your rights in relation to Your Data

Updating and correcting Your Data

If we hold incorrect Personal Data about you, you have the right to have Your Data amended by us.  While we will use reasonable efforts to keep Your Data up to date, you will need to notify us without delay in the event of any change in your personal circumstances, so that we can keep Your Data up to date.  It is your responsibility that all of Your Data provided to us is accurate and complete.

You can update Your Data by contacting us via the following link [https://www.geodirectory.ie/get-in-touch], together with:

1. Your name and address.
2. A description of the specific Personal Data you wish to have rectified.

Right of erasure

You have the right in some circumstances to have Your Data, which we hold, erased.  If you request an erasure of Your Data, all of Your Data will be erased subject to the following important notice.

We will not be required to erase Your Data where to do so would prevent us from meeting our respective contractual obligations, or where we are required to process (including retaining) Your Data in order to comply with a legal obligation, or if Your Data is necessary to establish, exercise or defend our legal rights or for the purpose of legal proceedings.

Right of Access

You have a right to be given a copy of Your Data on request, subject to certain exceptions, including those referred to below.  To request a copy of Your Data, please contact us via the following link [https://www.geodirectory.ie/get-in-touch]. 

Please note that we have the right to require that you identify yourself before we will respond to any access request.  To help us find the information easily, please give us as much information as possible about the type of information you would like to see.  If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain consent of that person, if possible.  If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.

There are certain types of data which we are not obliged to disclose to you, which include Personal Data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations.  We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case if we decide to provide you with the Personal Data requested, we may charge you a reasonable fee to account for administrative costs in doing so), or (ii) we are otherwise entitled to do so pursuant to Data Protection Legislation.

Restriction of processing

You also have the right, in certain circumstances, to request restriction on the use, of Your Data, and to object to certain uses of Your Data, in each case subject to the restrictions set out in applicable Data Protection Legislation.  You may request that we stop processing Your Data temporarily if:

• you do not think that Your Data is accurate (but we will start processing again once have checked and confirmed that it is accurate);
• the processing is unlawful but you do not want us to erase Your Data;
• we no longer need Your Data for our processing;
• or you have objected to processing because you believe that your interests should override the basis upon which we process Your Data.

If you exercise your right to restrict us from processing Your Data, we will continue to process Your Data if:

• you consent to such processing:
• the processing is necessary for the exercise or defence of legal claims;
• the processing is necessary for the protection of other individuals or legal persons; or
• the processing is necessary for public interest reasons.

Where we rely on a legitimate purpose of ours or of a third party recipient of Your Data, in order to use and disclose Your Data, you are entitled to object to such use or disclosure of Your Data, and if you do so, we will cease to use and process Your Data for that purpose, unless we can show there are compelling legitimate reasons for us to continue or we need to use Your Data for the purposes of legal claims. 

Withdrawal of consent

In any case where we rely on your consent to process Your Data (for example with respect to direct marketing or in the use of your location data in our mobile application), you have the right to change your mind and withdraw consent by contacting us via the following link [https://www.geodirectory.ie/get-in-touch].  Please note that if you withdraw your consent to such processing, it may not be possible for us to provide all or a part of our Service to you.

Automated decision-making

You may ask us to ensure that we do not make any decision with respect to you based solely on an automated process, and to have any decision reviewed by a member of staff.  Profiling may occur in relation to Your Data for the purposes of targeted advertising and de-targeting you from specified advertising.  This allows us to tailor our advertising to the appropriate customers and helps to minimise the risk of you receiving unwanted advertising.  These rights will not apply in all circumstances, for example where the decision is (i) authorised or required by law; (ii) necessary for the performance of a contract between you and us; or (iii) is based on your explicit consent.  In all cases, we will endeavour that steps have been taken to safeguard your interests.

Complaints

You have the right to lodge a complaint about our processing of Your Data with the Data Protection Commissioner at info@dataprotection.ie; however, if you contact us in the first instance via the following link [https://www.geodirectory.ie/get-in-touch ], we may be able to resolve the issue.

How do we protect your personal information

We do our utmost to protect user privacy through the appropriate use of security technology.  We restrict access to Your Data to employees, contractors and agents who need to know Your Data in order to operate, develop or improve the Service or our Site.  We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place.  However, our website may contain hyperlinks to websites owned and operated by third parties.  These third party websites have their own privacy policies, including cookies.  We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of Your Data.  In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Your Data transmitted, stored or otherwise processed.

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect Your Data, we cannot guarantee the security of any data transmitted to us and any such transmission is at your own risk.  Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.  To the extent permitted by law, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transmission of data over communications networks and facilities, including the internet; or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities.  You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses.  Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of Your Data arising from such risks.
All information you provide to us is stored on our (or contracted third party) secure servers. Where we have given you (or where you have chosen) a password which enables you to access any part of our Site or your Account, you are responsible for keeping this password confidential. We ask you not to share a password with any person not authorised to use the Service.

Breach reporting

We will notify serious data breaches in respect of Your Data to the Data Protection Commission without undue delay, and where feasible, not later than 72 hours after having become aware of same.  If notification is not made after 72 hours, we will record a reasoned justification for the delay; however it is not necessary to notify the Data Protection Commission where the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons.  A Personal Data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting Your Data (which poses a high risk to you) when we are required to do so under Data Protection Legislation.  We will not be required to notify you of a data breach where:

• we have implemented appropriate technical and organisational measures that render the Personal Data unintelligible to anyone not authorised to access it, such as encryption; or
• we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or
• it would involve disproportionate effort, in which case we may make a public communication instead.

Marketing preferences

Where you have agreed to receive marketing from APG, and its affiliated companies and/or select third parties, we will use this information to contact you with news and special offers from APG, and its affiliated companies and select third parties where applicable.

We may use and analyse Your Data, including transaction data on your accounts, in order to make the marketing materials we send to you more relevant to your interests and requirements.  We may also use Your Data as part of more general marketing, statistical and product development analyses in relation to our business generally.

You can object to us analysing Your Data in this way by contacting us via the following link [https://www.geodirectory.ie/get-in-touch].  If you do object to this analysis, the marketing information you receive will not be made more relevant to you.

Your Data will not be given to any third parties for marketing purposes.  Where you have opted to receive marketing information, you will always be contacted by APG. 

You can change your marketing preferences at any time by contacting us via the following link [https://www.geodirectory.ie/get-in-touch].

Each time we send you marketing information, we will give you the option to change your mind about receipt of marketing.

Updates and amendments

APG may change its Privacy Policy from time to time and at APG's sole discretion.  The date of the most recent revisions will appear on this page.  If you do not agree to these changes, please do not continue to submit Your Data.  If material changes are made to the Privacy Policy, we will notify you by placing a prominent notice on our Site or by sending you a notification in relation to same.  We will not process Your Data in a manner not contemplated by this Privacy Policy without your consent (or other valid legal basis).

Contact Us

Any queries or complaints regarding our use of Your Data, this Privacy Policy and / or the exercise of your individual rights should be addressed to the Data Protection Co-Ordinator, An Post GeoDirectory DAC, Room 3A, GPO, O’Connell Street, Dublin 1, D01 F5P2, or should be made via the following link [https://www.geodirectory.ie/get-in-touch].
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period.
Last updated on 18 June 2019.